SnapReport Privacy Policy
Effective date: July 12, 2026
This Privacy Policy explains how Shield Recovery, which operates the SnapReport service under the Shield Integrated Systems brand (collectively, “SnapReport,” “we,” “us,” or “our”), collects, uses, discloses, retains, and protects information through the SnapReport mobile application, web application, company dashboard, platform-administration tools, and related services (the “Service”).
1. Scope and roles
SnapReport is a business workplace platform used by companies and their authorized personnel.
This Policy applies to:
- Field Users, including drivers and field personnel who submit reports or use shift features;
- Company Users, including owners, managers, dispatchers, office staff, and company administrators;
- Customers, meaning the business organizations that subscribe to or are authorized to use the Service; and
- visitors or individuals who communicate with us about the Service.
A Customer generally determines which personnel may use its account, what roles they have, whether optional shift-location tracking is enabled, and how Customer Data is used in its operations. For personal information processed on a Customer’s instructions, the Customer is generally the business, controller, or responsible employer, and SnapReport acts as its service provider or processor. SnapReport may act as an independent business or controller for information used to operate, secure, bill, support, and improve the Service.
2. Information we collect
2.1 Account and identity information
We may collect names, email addresses, roles, company affiliations, invitation information, account status, authentication identifiers, and related account records. Field Users may authenticate through a company-specific PIN or another authentication method enabled for their Customer.
2.2 Precise location and shift-location information
With device permission, the Service may collect precise GPS coordinates, accuracy measurements, timestamps, and related location information:
- when a Field User submits or updates a report;
- when location is manually refreshed or verified;
- while a Field User is on an active tracked shift, if the Customer enables that feature; and
- while the app is in the background or the device is locked during an active tracked shift, where the user has granted the required device permissions.
Active-shift tracking is intended to stop when the tracked shift ends, tracking is disabled, permission is withdrawn, or the user signs out, subject to normal device and network behavior.
Location data is associated with the applicable Customer, user, report, or shift. It is not made available to unrelated Customers.
2.3 Photos and media
We collect photos captured through the app or selected from the device as part of a report, together with available metadata such as timestamps, file information, and location metadata supplied by the device.
2.4 Job, vehicle, report, and operational content
We may collect vehicle identification numbers, plate or vehicle details, condition information, job assignments, statuses, notes, addresses, timestamps, signatures or acknowledgments if enabled, and other text or media submitted through the Service.
2.5 Communications
We collect messages sent through shift chat or other in-app communication features, support requests, feedback, and communications sent to us.
2.6 Device, network, and technical information
We may collect device model, operating system and version, app version, browser type, IP address, session information, crash and diagnostic data, request logs, security events, and similar technical information needed to operate and protect the Service.
2.7 Authentication and security information
We collect account identifiers, session information, login events, failed authentication attempts, PIN-attempt records, and security signals. PINs are intended to be cryptographically hashed rather than stored in readable plain text, and authentication attempts may be rate-limited or blocked for security.
2.8 Payment and subscription information
If paid plans are offered, payment processors may collect payment-card and billing details directly. SnapReport does not intend to store full payment-card numbers. We may receive limited billing information such as Customer name, billing contact, plan, payment status, invoice status, and renewal information.
2.9 Information from Customers and service providers
We may receive information from a Customer that invites or manages a user, and from vendors that help us provide authentication, hosting, storage, email, monitoring, payment processing, or support.
3. How we use information
We use information to:
- provide, operate, maintain, and support the Service;
- authenticate users and manage permissions;
- create, transmit, store, display, and organize reports, photos, chats, jobs, and shift information;
- provide report verification and location functionality;
- permit a Customer to manage its own personnel and operational records;
- process subscriptions and payments, if applicable;
- detect fraud, abuse, unauthorized access, security incidents, and service misuse;
- troubleshoot errors, analyze reliability, and improve performance;
- communicate about accounts, security, support, legal notices, and service changes;
- comply with law, legal process, and enforceable governmental requests; and
- establish, exercise, or defend legal claims.
We may use aggregated or de-identified information for analytics, security, product improvement, and business planning where it cannot reasonably identify an individual.
We do not use personal information for third-party behavioral advertising. We do not sell personal information, and we do not share personal information for cross-context behavioral advertising as those terms are defined by applicable California law.
4. Legal bases for processing
Where applicable law requires a legal basis, we rely on one or more of the following:
- performance of a contract or steps requested before entering a contract;
- legitimate interests in operating, securing, supporting, and improving the Service;
- compliance with legal obligations;
- consent, where consent is required; and
- protection of legal rights and prevention of fraud or abuse.
Customers are responsible for providing workplace notices, obtaining any legally required consent, and establishing any other lawful basis required for their collection and use of employee or contractor information through the Service.
5. How we disclose information
We may disclose information as follows:
5.1 Within the Customer’s organization
Authorized owners, administrators, dispatchers, office personnel, and other permitted users of the same Customer may access information according to their assigned roles and the Customer’s configuration. This may include reports, photos, job details, chat messages, and location information connected to the Customer’s operations.
5.2 Service providers
We may disclose information to vendors that provide database hosting, cloud infrastructure, storage, content delivery, email delivery, payment processing, authentication, monitoring, analytics, customer support, and security services. They may process information only to provide services to us, subject to contractual and legal obligations.
5.3 Legal, safety, and enforcement disclosures
We may disclose information when we reasonably believe disclosure is required by law, subpoena, court order, or other lawful process; necessary to protect a person’s safety; needed to investigate fraud, abuse, or a security incident; or appropriate to protect the rights, property, or operations of SnapReport, a Customer, or others.
5.4 Business transactions
Information may be disclosed or transferred in connection with a financing, merger, acquisition, reorganization, sale of assets, change of control, bankruptcy, or similar business transaction, subject to applicable law.
5.5 With direction or consent
We may disclose information when directed by the applicable Customer or user, or with legally valid consent.
6. Precise location and background tracking
Precise geolocation is sensitive information. SnapReport uses it only for operational functions such as report verification and optional active-shift tracking. SnapReport does not use precise location for advertising and does not sell it.
A Customer that enables shift tracking is responsible for:
- determining whether tracking is lawful and appropriate;
- giving all notices required by employment, labor, privacy, surveillance, and other applicable laws;
- obtaining any required consent;
- limiting tracking to legitimate business purposes;
- configuring and ending shifts appropriately; and
- responding to questions or requests from its personnel.
Users may control device permissions through their operating-system settings. Disabling location permission may prevent location-dependent features from working.
7. Data retention
We retain information only for as long as reasonably necessary for the purposes described in this Policy, subject to the following general schedule:
| Data category | General retention period |
|---|---|
| Reports, photos, location, VINs, job records, and related Customer Data | While the Customer account is active, followed by a 30-day export period after termination or cancellation; data may then be deleted or de-identified unless a longer period is required by law, an applicable agreement, a Customer instruction, or a legal hold |
| Account and identity information | While the account or Customer relationship remains active, and afterward for the period reasonably necessary to close the account, maintain security records, resolve disputes, or comply with law |
| Security, audit, login, and PIN-attempt records | Generally 12 months, unless a longer period is reasonably necessary for security, fraud prevention, investigation, or legal compliance |
| Support communications | Generally 24 months after the last communication |
| Billing, transaction, tax, and accounting records | For the period required by applicable tax, accounting, and commercial laws, commonly up to seven years |
| Backups | Until removed through normal backup rotation, disaster-recovery, and deletion processes |
We may retain information longer when reasonably necessary for litigation, legal process, regulatory obligations, fraud prevention, security investigations, enforcement of agreements, or protection of legal rights.
8. Data access, export, correction, and deletion
A Customer may request access to, correction of, export of, or deletion of Customer Data by contacting shield.snapreport@gmail.com. Individual users may also contact their Customer administrator, who may be able to address the request directly.
We verify identity and authority before fulfilling a request. Where SnapReport processes information solely on behalf of a Customer, we may refer the request to that Customer or assist the Customer in responding. We may deny or limit a request where permitted or required by law, including when information must be retained for legal, security, billing, fraud-prevention, or dispute-resolution purposes.
After termination, the Customer generally has 30 days to request an export. After that period, data may be deleted, de-identified, or made unrecoverable through ordinary retention and backup processes.
9. Security
We use administrative, technical, and organizational safeguards designed to protect information, including encrypted network connections, access controls, credential protection, rate limiting, tenant separation, logging, and least-privilege practices where appropriate.
No method of transmission or storage is completely secure. We cannot guarantee absolute security, uninterrupted availability, or that unauthorized access will never occur. Customers and users are responsible for protecting devices, credentials, PINs, email accounts, and access to their own systems.
If a security incident triggers a legal notification obligation, we will provide notice as required by applicable law.
10. U.S. state privacy rights
Depending on where an individual resides and whether the applicable law covers SnapReport or the relevant Customer, the individual may have rights to request access, correction, deletion, or portability of personal information; obtain information about collection and disclosure; opt out of certain sales, sharing, targeted advertising, or profiling; limit certain uses of sensitive personal information; and appeal a denied request.
SnapReport does not sell personal information or use it for third-party targeted advertising. Precise geolocation is used only as reasonably necessary to provide the Service and related security or legal functions.
California residents may have rights under the California Consumer Privacy Act and California Privacy Rights Act, subject to statutory thresholds, exceptions, and the respective roles of SnapReport and the Customer. California residents will not be discriminated against for exercising applicable privacy rights.
Requests may be sent to shield.snapreport@gmail.com. We may ask for information needed to verify identity, authority, or the Customer relationship. Authorized agents may submit requests where permitted by law, subject to verification.
11. International privacy rights
If the UK GDPR, EU GDPR, or similar law applies, an individual may have rights to access, correct, erase, restrict, object to, or port personal data, withdraw consent where processing is based on consent, and complain to a supervisory authority.
Where a Customer is the controller and SnapReport is its processor, the Customer is primarily responsible for responding to data-subject requests, and SnapReport will provide reasonable assistance as required by applicable law and contract.
12. International transfers
SnapReport and its service providers may process information in the United States and other countries. Where required, we use legally recognized transfer mechanisms and contractual protections intended to protect transferred information.
13. Cookies and local storage
The web portions of the Service may use cookies, local storage, session storage, and similar technologies that are necessary for authentication, security, preferences, and core functionality. We do not currently use these technologies for third-party behavioral advertising.
14. Children
The Service is a workplace and business tool intended only for adults. Users must be at least 18 years old. We do not knowingly collect personal information from anyone under 18. If we learn that we collected such information, we will take reasonable steps to delete it.
15. Automated decision-making
SnapReport does not use personal information to make solely automated decisions that produce legal or similarly significant effects on an individual. Automated security controls, such as temporary rate limits or blocks after repeated failed authentication attempts, are used to protect the Service and are not employment decisions.
16. Third-party services and links
The Service may interact with third-party platforms, device services, mapping providers, hosting providers, payment processors, or external links. Their privacy practices are governed by their own policies. SnapReport is not responsible for the independent privacy practices of third parties.
17. Changes to this Policy
We may update this Policy from time to time. We will revise the effective date when changes are published and provide additional notice where required by law or where a change materially affects how personal information is handled.
18. Contact
Shield Recovery Operating SnapReport under the Shield Integrated Systems brand 1055 Sonoma Blvd, Vallejo, California, United States Email: shield.snapreport@gmail.com
Privacy, data-access, deletion, support, and legal inquiries may be sent to the email address above.